OT: Things have changed.....MS unbelievable oversight....

[Fairlight]

This public service announcement was brought to you by Brian K. White:
> So many sensible little things get lost along the way.
>
> Today I got reminded of something I already knew but didn't remember when
> it mattered.  On openSUSE, somewhere along the way someone thought it
> made sense to include /etc/nologin in the list of files that get cleaned
> up at every boot. The rm command is in two different system init scripts
> and no way to avoid the action other than hacking the scripts, and since
> they are system scripts not intended to be user configurable, they can
> and will get un-hacked at any time.
>
> This means it's not possible to lock out users, perform a reboot, perform
> some work in safe isolation after the boot, and then let the users in
> when you are done.

Ugh.

> With a bunch of remote users from different companies, many of them
> working from home & other random places it's impossible to actually call
> them all up and make sure they will stay out voluntarily until you call
> them all back. And in our case, when a box has some reason to go down in
> the daytime, if I haven't edited those rc scripts, there are always 2 to
> 20 people already logged in before _I_ can get logged in after a reboot,
> and _I'm_ sitting at a serial console watching it come up, not waiting
> and guessing blindly when network services will come back up.  I swear
> they must be sitting there with pre-saved passwords in their facetwin
> icons just hammering those icons continuously the whole time.

Single-user mode for the first reboot until you're done?  Might not be
applicable to all scenarios though.

I'd say just add in S99zlocal with a `touch` of /etc/nologin, but
uhm...another one of the "nice" things Novell imposed upon us was doing
away with rc.local, as well as any init script that doesn't follow their
init script syntax/specification.  You can't just put any init script in
there like you could for years; now you have to follow a very specific set
of guidelines for an init script to work.  Said syntax differing from Red
Hat's syntax, no less.

Doing away with rc.local and quickie init scripts was another area of
insanity that really disenchanted me with Novell.

Incidentally--don't even -bother- trying to update OpenSuSE 11.1 to 11.2.
I've tried twice now, once via YaST, once via zypper.  Thank goodness I
backed up my .vdi images.  Considering it's now "supported" as an in-place
upgrade, it works like hell.  The YaST method made the VM so unusable, it
not only wouldn't come back up, it wouldn't even stay usable through the
upgrade--it removed some necessary libraries in the process, including ones
needed by the very X11 and window manager that were running YaST. :/ The
zypper way finished the update, but by the time you'd get done actually
reconfiguring all the things that the update -broke-, you'd spend less time
just transferring data from an old box to a virgin install, even doing all
configuration and hardening.  It was that bad.  I literally beg you not to
waste your time even trying.

I'm done recommending SuSE of any flavour at this point, methinks.  That
twice-failed upgrade, and yast breaking my network interface configuration
(I say break, I -mean- ENTIRELY ERASING) when all I did was flip from
Enable to Disable for IPv6...  Those were the final straws for me with
them.  They don't even sell their own software now.  You have to go through
a reseller when your license expires--Novell itself can't/won't sell you
licenses.  Bugger that.

Next machines I have full say in implementing will be CentOS, assuming
CentOS is not abandoned, as they claim it's not dead.  They're still
updating both 5.4 and 5.3, but I'm waiting to see if they release another
version before I make the final call.  Assuming I see a 5.5 or 6.x, I'll
stay with them if they're as sane as the 5.x series is.  It's the lightest
distribution I've seen in years, it doesn't do anything notably weird, no
update has broken my systems yet (yum is -way- faster than SOU), and I
-really- like the fact that someone's actually making an install yet that
actually -doesn't- use/mandate GUI.  If CentOS tanks for some reason, I'll
probably evaluate something else.  

Red Hat has proven their incompetence too many times for my liking.  In
RHEL3, they broke perl and never fixed it.  You're not supposed to be able
to segfault perl, and you could--and in one of three functions...sort, int,
or return.  They had full demo/proof code from me, and never fixed it to
this day.  A client just updated to RHEL5, and lo and behold it ships with
a broken libexpat, out of the box.  Yup, totally and utterly broken.  You
cannot build a working XML::Parser module in perl with the stock RHEL5
libexpat.  If you install the library off libexpat's site and compile
against it in a parallel installation, it's fine.

Do you know how either arrogant or incompetent you have to be to -break-
something that only actually requires `./configure;make;make install`?
Literally, I kid you not--and they mess it up.  Red Hat is the screwup that
keeps on delivering aggravation.  I can't decide which is worse--Novell or
Red Hat.

And I don't like Ubuntu's politics.  An hour on an Ubuntu system someplace
was all I needed to decide I didn't like their design/placement, either.
So that's out.

Debian's a write-of for anyone with half a mind for security, since they
patch late consistently by all accounts.

If I had the time, I'd do my own distribution.  And I'd maintain it
sanely--by updating every RPM with the virgin source -as released by
project teams-, not rolling patch after patch in in-house like all these
dists do.  There's no excuse for the sorry state of lousy updates and
meaningless version numbers that has come to pass in the Linux world.

Some of the later distributions we're seeing really rival Mandrake 6.2 in
terms of sheer incompetence; and that's saying a LOT, because I'm not sure
there was a worse distribution--ever.  Using that special (pgcc?) compiler
was one of the most idiotic things they could have done.  Thing was as
stable as a house of cards in Haiti, China, or Mexicali.

Anyway...  At least CentOS hasn't disappointed me yet.  Yes, I know it's a
RH derivative.  But I haven't observed anything -breaking- hideously,
either.  Yet.  *touch wood*

mark->
-- 
Audio panton, cogito singularis,